Many Oracle Linux systems come configured with liberal administrative privileges for non-root users. These privileges should not be made available to users who log in using a Sun Ray Client.
To limit administrative access, do the following:
Review the man pages for pam_console
,
console.perms
, and
console.apps
.
Edit the /etc/security/console.perms
file
to remove display numbers from the definition of console. If a
definition exists for xconsole
, it should
be removed.
For example, a line that reads:
<console>=tty[0-9][0-9]* vc/[0-9][0-9]* :[0-9]?[0-9] :[0-9]
should instead read:
<console>=tty[0-9][0-9]* vc/[0-9][0-9]*
And a line such as the following example should be removed:
<xconsole>=:[0-9]?[0-9] :[0-9]